GraphQLBundle
GraphQLBundle copied to clipboard
overblog
Example from doc not working under Symfony 6
| Q | A |
|---|---|
| Bug report? | no |
| Feature request? | no |
| BC Break report? | no |
| RFC? | no |
| Version/Branch | master |
I would like to call the Authorization Checker directly within my GraphQL type definition in YAML as suggested in security/fields-public-control.md.
However this fails under Symfony 6 with the following message:
The "security.authorization_checker" service or alias has been removed or inlined when the container was compiled. You should either make it public, or stop using the container directly and use dependency injection instead.
Hence the doc should be updated. Is there any nice way to achieve the above besides of creating my own dummy wrapper around the AuthorizationChecker?
Hi @hunhejj
Indeed, calling security.authorization_checker is no longer possible since Symfony remove or inline services. The documentation is outdated.
Instead you can use @=hasRole(['ROLE_FOOBAR') to check if the user has a particular role or @=hasAnyRole(['ROLE_FOO', 'ROLE_BAR']) to check if the user has one of these roles.
You can find documentation about these expressions here : https://github.com/overblog/GraphQLBundle/blob/master/docs/definitions/expression-language.md#hasrole
And if you want to check roles against an object, you can use @=hasPermission or @=hasAnyPermission
